PT-2026-57680 · Apache · Apache Gravitino
Darpan Patel
·
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-49876
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino.
This issue affects Apache Gravitino: from 1.0.0 through 1.2.1.
Users are recommended to upgrade to version 1.3.0, which fixes the issue.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Gravitino